No need to run hack_fs

As the embed fs packaged all files.
And bump upx version.

.drone.yml

@@ -96,6 +96,21 @@ steps:
     event:
     - push
 
+- name: image-scan-head
+  image: aquasec/trivy
+  commands:
+  - trivy image --no-progress --ignore-unfixed --severity HIGH,CRITICAL --scanners vuln --exit-code 1 cnrancher/kube-explorer:head-linux-amd64
+  volumes:
+  - name: docker
+    path: /var/run/docker.sock
+  when:
+    ref:
+      include:
+      - "refs/heads/main"
+      - "refs/heads/v*"
+    event:
+    - push
+
 - name: docker-publish
   pull: default
   image: plugins/docker

.gitignore

@@ -19,3 +19,5 @@
 /dist
 /build
 *.swp
+
+/.vscode

Dockerfile.dapper

@@ -1,30 +1,28 @@
-FROM golang:1.17
-
+FROM registry.suse.com/bci/golang:1.21
+ARG PROXY
+ARG GOPROXY
 ARG DAPPER_HOST_ARCH
 ENV HOST_ARCH=${DAPPER_HOST_ARCH} ARCH=${DAPPER_HOST_ARCH}
+ENV https_proxy=${PROXY} \
+    http_proxy=${PROXY}
 
-RUN apt-get update && \
-    apt-get install -y ca-certificates git wget curl xz-utils && \
-    rm -f /bin/sh && ln -s /bin/bash /bin/sh && \
-    curl -sL https://github.com/upx/upx/releases/download/v3.96/upx-3.96-${ARCH}_linux.tar.xz | tar xvJf - --strip-components=1 -C /tmp && \
+RUN zypper -n install ca-certificates git-core wget curl unzip tar vim less file xz
+RUN zypper install -y -f docker
+
+ENV UPX_VERSION 4.2.1
+RUN curl -sL https://github.com/upx/upx/releases/download/v${UPX_VERSION}/upx-${UPX_VERSION}-${ARCH}_linux.tar.xz | tar xvJf - --strip-components=1 -C /tmp && \
     mv /tmp/upx /usr/bin/
 
 RUN if [ "${ARCH}" == "amd64" ]; then \
-    curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.43.0; \
+    curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.54.2; \
     fi
 
-ENV DOCKER_URL_amd64=https://get.docker.com/builds/Linux/x86_64/docker-1.10.3 \
-    DOCKER_URL_arm=https://github.com/rancher/docker/releases/download/v1.10.3-ros1/docker-1.10.3_arm \
-    DOCKER_URL_arm64=https://github.com/rancher/docker/releases/download/v1.10.3-ros1/docker-1.10.3_arm64 \
-    DOCKER_URL=DOCKER_URL_${ARCH}
-RUN wget -O - ${!DOCKER_URL} > /usr/bin/docker && chmod +x /usr/bin/docker
-
-ENV GIT_COMMIT="26e14afc0b652b0363fc38e05ef28aa99d26694c" \
-    GIT_BRANCH="ke/v0.2" \
+ENV GIT_COMMIT="b5d6adfbc855c3e0ef458e0aa0939c2582b8073f" \
+    GIT_BRANCH="ke/v0.3" \
     GIT_SOURCE=${GOPATH}/src/github.com/rancher/steve \
-    CATTLE_DASHBOARD_UI_VERSION="v2.6.9-rc1-kube-explorer-ui-rc1"
+    CATTLE_DASHBOARD_UI_VERSION="v2.7.5-kube-explorer-ui-rc7"
 
-ENV DAPPER_ENV REPO TAG DRONE_TAG CROSS
+ENV DAPPER_ENV REPO TAG DRONE_TAG CROSS GOPROXY
 ENV DAPPER_SOURCE /opt/kube-explorer
 ENV DAPPER_OUTPUT ./bin ./dist
 ENV DAPPER_DOCKER_SOCKET true

deploy/kubectl/README.md

@@ -0,0 +1,12 @@
+## Access Control Via Basic Auth
+
+Deploy the kube-explorer workload:
+
+```
+kubectl create -f .
+```
+
+Configure for different IngressClass:
+
+- [Nginx Ingress](./nginx-auth)
+- [Traefik Ingress](./traefik-v2-auth)

deploy/kubectl/nginx-auth/README.md

@@ -1,4 +1,4 @@
-## Traefik Auth
+## Ingress-Nginx Basic Auth
 
 This can be used in the cluster which uses the nginx-ingress.
 
@@ -13,9 +13,9 @@ htpasswd -nb username password | base64
 To install this mode, just run this script:
 
 ```
-kubectl apply -f ./secret.yaml
-export MY_XIP_IO=$(curl -sL ipinfo.io/ip)
-envsubst < ./ingress.yaml.tpl | kubectl apply -f -
+kubectl create -f ./secret.yaml
+export MY_IP=$(curl -sL ipinfo.io/ip)
+envsubst < ./ingress.yaml.tpl | kubectl create -f -
 ```
 
 For more infos: https://kubernetes.github.io/ingress-nginx/examples/auth/basic/

deploy/kubectl/nginx-auth/ingress.yaml.tpl

@@ -1,8 +1,8 @@
 # Note: please replace the host first
-# To use xip.io: http://xip.io/
+# To use sslip.io: https://sslip.io/
 # To get your public IP: curl ipinfo.io/ip
 
-apiVersion: networking.k8s.io/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: kube-explorer
@@ -10,16 +10,18 @@ metadata:
   labels:
     app: kube-explorer
   annotations:
-    kubernetes.io/ingress.class: "nginx"
     nginx.ingress.kubernetes.io/auth-type: basic
     nginx.ingress.kubernetes.io/auth-secret: kube-explorer
     nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - kube-explorer'
 spec:
   rules:
-  - host: "${MY_XIP_IO}.xip.io"
+  - host: "${MY_IP}.sslip.io"
     http:
       paths:
       - path: /
+        pathType: Prefix
         backend:
-          serviceName: kube-explorer
-          servicePort: 8989
+          service:
+            name: kube-explorer
+            port:
+              number: 8989

deploy/kubectl/traefik-v1-auth/README.md

@@ -13,9 +13,9 @@ htpasswd -nb username password | base64
 To install this mode, just run this script:
 
 ```
-kubectl apply -f ./secret.yaml
-export MY_XIP_IO=$(curl -sL ipinfo.io/ip)
-envsubst < ./ingress.yaml.tpl | kubectl apply -f -
+kubectl create -f ./secret.yaml
+export MY_IP=$(curl -sL ipinfo.io/ip)
+envsubst < ./ingress.yaml.tpl | kubectl create -f -
 ```
 
 For more infos: https://doc.traefik.io/traefik/v1.7/configuration/backends/kubernetes/

deploy/kubectl/traefik-v1-auth/ingress.yaml.tpl

@@ -1,5 +1,5 @@
 # Note: please replace the host first
-# To use xip.io: http://xip.io/
+# To use sslip.io: https://sslip.io/
 # To get your public IP: curl ipinfo.io/ip
 
 apiVersion: networking.k8s.io/v1beta1
@@ -16,7 +16,7 @@ metadata:
     ingress.kubernetes.io/auth-remove-header: "true"
 spec:
   rules:
-  - host: "${MY_XIP_IO}.xip.io"
+  - host: "${MY_IP}.sslip.io"
     http:
       paths:
       - path: /

deploy/kubectl/traefik-v2-auth/README.md

@@ -0,0 +1,21 @@
+## Traefik Auth
+
+This can be used in K3s, as K3s use traefik as the default ingress class.
+
+We use `basic-auth` to control the access of kube-explorer. The auth token is stored in the secret.
+
+The default user is `niusmallnan`, and password is `dagedddd`. You can replace to another value with `htpasswd` tool.
+
+```
+htpasswd -nb username password | base64
+```
+
+To install this mode, just run this script:
+
+```
+kubectl create -f ./middleware.yaml
+export MY_IP=$(curl -sL ipinfo.io/ip)
+envsubst < ./ingress.yaml.tpl | kubectl create -f -
+```
+
+For more infos: https://doc.traefik.io/traefik/middlewares/http/basicauth/

deploy/kubectl/traefik-v2-auth/ingress.yaml.tpl

@@ -0,0 +1,25 @@
+# Note: please replace the host first
+# To use sslip.io.io: https://sslip.io.io/
+# To get your public IP: curl ipinfo.io/ip
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: kube-explorer
+  namespace: kube-system
+  labels:
+    app: kube-explorer
+  annotations:
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-kube-explorer@kubernetescrd
+spec:
+  rules:
+  - host: "${MY_IP}.sslip.io"
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: kube-explorer
+            port:
+              number: 8989

deploy/kubectl/traefik-v2-auth/middleware.yaml

@@ -0,0 +1,28 @@
+# The definitions below require the definitions for the Middleware and IngressRoute kinds.
+# https://doc.traefik.io/traefik/reference/dynamic-configuration/kubernetes-crd/#definitions
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: kube-explorer
+  namespace: kube-system
+  labels:
+    app: kube-explorer
+spec:
+  basicAuth:
+    secret: kube-explorer
+    removeHeader: true
+
+---
+# To create an encoded user:password pair, the following command can be used:
+# htpasswd -nb user password | base64
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kube-explorer
+  namespace: kube-system
+  labels:
+    app: kube-explorer
+data:
+  auth: bml1c21hbGxuYW46JGFwcjEkbDdUZjJOdWskbmNXajYubHYvMGNkcXM0NFoyelVQLgoK
+type: Opaque

package/Dockerfile

@@ -1,6 +1,4 @@
-FROM alpine:3.13
+FROM registry.suse.com/bci/bci-minimal:15.5
 
 COPY kube-explorer entrypoint.sh /usr/bin/
-# Hack to make golang do files,dns search order
-ENV LOCALDOMAIN=""
 ENTRYPOINT ["entrypoint.sh"]

scripts/build

@@ -5,6 +5,7 @@ source $(dirname $0)/version
 
 OS_ARCH_ARG_LINUX="amd64 arm arm64"
 OS_ARCH_ARG_DARWIN="amd64 arm64"
+OS_ARCH_ARG_WINDOWS="amd64"
 
 LD_INJECT_VALUES="-X github.com/rancher/steve/pkg/version.Version=$VERSION
                   -X github.com/rancher/steve/pkg/version.GitCommit=$COMMIT"
@@ -31,6 +32,15 @@ if [ -n "$CROSS" ]; then
                 "$LD_INJECT_VALUES" \
                 -o ${OUTPUT_BIN}
     done
+
+    for ARCH in ${OS_ARCH_ARG_WINDOWS}; do
+        OUTPUT_BIN="bin/kube-explorer-windows-$ARCH.exe"
+        echo "Building binary for windows/$ARCH..."
+        GOARCH=$ARCH GOOS=windows CGO_ENABLED=0 go build -tags embed \
+                -ldflags \
+                "$LD_INJECT_VALUES" \
+                -o ${OUTPUT_BIN}
+    done
 else
     # only build one for current platform
     CGO_ENABLED=0 go build -tags embed \
@@ -39,8 +49,10 @@ else
         -o bin/kube-explorer
 fi
 
+mkdir -p $DAPPER_SOURCE/bin
+
 for f in $(ls ./bin/); do
-    if [[ $f != *darwin-arm64 ]]; then
+    if [[ $f != *darwin* ]]; then
         upx -o $DAPPER_SOURCE/bin/$f bin/$f || true
     fi
     if [ -f $DAPPER_SOURCE/bin/$f ]; then

scripts/download

@@ -4,15 +4,14 @@ mkdir -p $(dirname $GIT_SOURCE)
 
 pushd $(dirname $GIT_SOURCE)
 
-git clone --depth=1 --branch ${GIT_BRANCH} https://github.com/niusmallnan/steve.git
+git clone --depth=1 --branch ${GIT_BRANCH} https://github.com/orangedeng/ke-steve.git steve
 cd steve
 git reset --hard ${GIT_COMMIT}
 
 mkdir -p pkg/ui/ui/dashboard
 cd pkg/ui/ui/dashboard
-curl -sL https://pandaria-dashboard-ui.s3.ap-southeast-2.amazonaws.com/release-2.6-cn/kube-explorer-ui/${CATTLE_DASHBOARD_UI_VERSION}.tar.gz | tar xvzf - --strip-components=2
+curl -sL https://pandaria-dashboard-ui.s3.ap-southeast-2.amazonaws.com/release-2.7-cn/kube-explorer-ui/${CATTLE_DASHBOARD_UI_VERSION}.tar.gz | tar xvzf - --strip-components=2
 cp index.html ../index.html
 
 popd
 
-$(dirname $0)/hack_fs $GIT_SOURCE/pkg/ui/ui/

scripts/hack_fs

@@ -1,42 +0,0 @@
-#!/bin/bash
-
-set -ex
-
-#
-# find . -type f -name "_*"
-#
-function hack_files() {
-    for f in $(find $1 -type f -name "_*"); do
-        name=$(basename $f)
-        updir=$(dirname $f)
-        new_path=$updir/${name:1}
-        echo "move $f $new_path"
-        mv $f $new_path
-    done
-}
-
-#
-# find . -type d -name "_*"
-#
-function hack_dirs() {
-    for d in $(find $1 -mindepth 1 -maxdepth 1 -type d); do
-        if [[ ! -d $d ]]; then
-            continue
-        fi
-        name=$(basename $d)
-        if [[ ${name:0:1} == "_" ]]; then
-            updir=$(dirname $d)
-            new_path=$updir/${name:1}
-            echo "move $d $new_path"
-            mv $d $new_path
-            hack_dirs $new_path
-            continue
-        fi
-        hack_dirs $d
-    done
-}
-
-pushd $1
-hack_files .
-hack_dirs .
-popd